TMCnews

TMCnews Featured Article

Better Integration between Solera IPFIX and Netflow-based Scrutinizer

By Mae Kowalke, TMCnet Contributor

Solera IPFIX and Plixer’s flexible NetFlow-based traffic reporting solution, Scrutinizer, now play nice with each other on the same network.

Solera DeepSee Appliances are turnkey network visibility solutions that monitor networks for advanced threats, malware and zero-day attacks, according to a blog post written by Plixer’s Thomas Pore. With a simple export, Solera IPFIX data files can now work with Scrutinizer.

“Since the appliance has access to 100 percent of the packets, we could see Solera export portions of the packets in IPFIX sometime in the future,” wrote Pore. “It is nice to see another security company recognize that NetFlow and IPFIX need to play a considerable role in their security and threat detection offering.”

Scrutinizer is a next-generation analyzer tool that can push flow collection rates above 100,000 flows per second and can also transition that data into traffic patterns.

Version 10 was officially unveiled in October, delivering capabilities ranging from mapping and IP groups to a report designer, and producing much more detailed reports overall. It also offers simpler configuration that allows users to closely monitor traffic patterns with reduced complexity, as well as website identification, which highlights users visiting sites such as Facebook.

“If an organization thinks their network was compromised in any way, Scrutinizer can show IT the exact flow for each data log, and even the exact user in order to stop the bleeding,” noted Michael Patterson, CEO and co-founder of Plixer, in a statement.

“The overwhelming popularity of NetFlow has brought much prestigious recognition its way,” noted Jamie Epstein in a TMCnet article about Scrutinizer. “The Web-based tool boasts a user friendly interface and can be seamlessly integrated into any legacy system.”

“IPFIX and Netflow have valuable information like IP addresses, flow size and duration,” noted Solera sales engineer Ryan Smith in a blog post. “It’s enough to get some good information, but not enough to complete an incident response, or even reconstruct the files.”

When combined with DeepSee, however, IT now has a full picture of network activity.

“DeepSee not only identifies thousands of applications, it indexes thousands of data points inside those applications,” wrote Smith. “The metadata gives an analyst the ability to filter on any index, eliminate data with NOT lists, and create complex search criteria such as: Any traffic to a list of DoD watch list countries where the http method is POST and the mime type is an office document or PDF.”
